best practices in enterprise iam liza lowery massey montana government it conference december 6,...
TRANSCRIPT
![Page 1: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/1.jpg)
Best Practices in
Enterprise IAM
Liza Lowery Massey
Montana Government IT Conference December 6, 2007
![Page 2: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/2.jpg)
The Issue
More sensitive & confidential data is being stored on-line
We are under attack Securing the enterprise is expensive Security procedures can be counter-
productive Management understanding & support is
lacking
![Page 3: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/3.jpg)
The Solution
Assess and manage your risks Know your data Implement an IAM Program
Processes, technologies & policiesManaging digital identitiesControlling how identities grant access
![Page 4: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/4.jpg)
Assess & Manage Risk
What is likely to occur? What is the impact if it occurs? What mandates exist? How secure do we need to be? What should we do first? What resources do we have/need?
![Page 5: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/5.jpg)
Know Your Data (classification)
Understand applicable state & federal laws Follow best practices Form a cross-organizational team Draft your policy Run it by legal Gain approval Educate the organization
![Page 6: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/6.jpg)
IAM Programs
DriversFearCompliance Improvement
ChallengesFragmentationFundingBalance
![Page 7: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/7.jpg)
IAM Programs
Success Factors Return on InvestmentGovernance
TechnicalAreas to AddressStandardsBest Practices
![Page 8: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/8.jpg)
Areas to Address
ID administration & provisioning Host based access control Extranet access control Single sign on Biometric/strong authentication Web services access management Mainframe access control Monitoring and auditing
![Page 9: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/9.jpg)
Standards
LDAP Lightweight Directory Access Protocol Networking protocol for querying and modifying
directory services Running over TCP/IP
SAML Security assurance markup language XML for IAM over the Web Critical middleware solution for state and local
governments
![Page 10: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/10.jpg)
Best Practices
Availability Authentication Integrity Confidentiality Non-repudiation Compliance
![Page 11: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/11.jpg)
Getting Started
Establish governance Allocate resources Designate a responsible party Prioritize needs Draft & distribute policies Review & modify business processes Plan a phased implementation Identify & deploy technology
![Page 12: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/12.jpg)
The Next Step
Merging physical and logical securityConsolidate responsibilityExample – smart card
Electronically identifies a person Serves as a visual badge Grants access to facilities Part of 2 or 3 tier access to IT applications & data
![Page 13: Best Practices in Enterprise IAM Liza Lowery Massey Montana Government IT Conference December 6, 2007](https://reader036.vdocuments.net/reader036/viewer/2022083009/5697c0291a28abf838cd7568/html5/thumbnails/13.jpg)
Related Reading
I Am Who I Say I AM http://www.centerdigitalgov.com/publications.php